
Linux服务器上适用的防火墙分析


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-18   浏览: 70 ::


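#!/bin/bash
# RainLow firewall: startup banner and environment setup.
# Prints the version/licence banner, pins PATH to system directories and
# sources the distribution's init helper library when it is present.
echo -e "\t\t\033[1;31mRainLow firewall\033[m server version 1.0rc1 -- 09/24/2004\n"
echo -e "############################################"
echo -e "This software may be used and distributed according to"
echo -e "the terms of the GNU General Public License (GPL) provided"
echo -e "credit is given to the original author."
echo -e "\t\t\t\033[1;31mCopyright (c) 2004 rainlow\033[m\n"
echo -e "\t\t\t\tAll rights reserved\n\n\n"
echo -e "#######################################"

# now begins the firewall
echo -e "\n\t\t\tWelcome to \033[3;31mRainlow Firewall\033[0m\n\n"
echo -e "\t\t\t\t\033[1;32mhttp://www.rainlow.com\033[m\n"

# Fixed search path: the script is meant to run as root, so command lookup
# must not depend on whatever PATH the invoking user had.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Source (". file") the init helper library. The file is executed with the
# script's privileges, so it should be root-owned and not writable by others.
# It is absent on some distributions; the script then continues without it.
if [ -r /etc/init.d/functions ]; then
  . /etc/init.d/functions
else
  echo "warning: /etc/init.d/functions not found; continuing without it" >&2
fi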

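#######################################
# Print the failure banner and abort the whole script.
# Globals:   FAILURE (read) - human-readable reason set by the caller
# Outputs:   three red diagnostic lines on stderr
# Returns:   never returns; exits the shell with status 1
#######################################
exit_failure() {
  # printf with a fixed format keeps $FAILURE as plain data: backslashes or
  # '%' in the reason are printed literally instead of being interpreted.
  printf '\t\033[3;031m[FAILED]\033[0m\n' >&2
  printf '\033[3;031m-> FATAL: %s\033[0m\n' "${FAILURE:-}" >&2
  printf '\033[3;031m-> **ABORTED**.\033[0m\n' >&2
  exit 1
}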

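#######################################
# Abort unless the script is running with root privileges.
# Globals:   ROOT_ID (written), FAILURE (written on failure), EUID (read)
# Outputs:   progress messages and a terminal bell on stdout
# Returns:   0 when running as root; otherwise calls exit_failure, which
#            terminates the script
#######################################
check_root() {
  ROOT_ID=0
  echo "Checking if you are root...."
  # Compare the effective UID: that is the identity privileged operations are
  # checked against, and it can differ from the real UID ($UID).
  if [ "$EUID" = "$ROOT_ID" ]; then
    echo -e "\n\tOK! continue....\n"
    echo -e "\a"
  else
    echo -e "Sorry, you are not root and not permitted to do this option...\n"
    echo -e "\a"
    FAILURE="you cannot run this command, you must be root to do this"
    exit_failure
  fi
}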

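#######################################
# Verify that the host can run the firewall: Linux, kernel 2.4 or newer,
# a working iptables command, and no ipchains module left loaded.
# Globals:   OS, _OS, KERNELMAJ, KERNELMIN (written); FAILURE (written on
#            failure)
# Outputs:   progress messages on stdout
# Returns:   0 when every check passes; otherwise calls exit_failure, which
#            terminates the script
#######################################
check_enviroment() {
  echo -e "\t\t\033[1;31mNow Checking software envrioment\033[m\n"

  OS=$(uname -s)
  _OS=$OS
  if [ "$_OS" != "Linux" ]; then
    FAILURE="Sorry this version can only work under linux"
    exit_failure
  else
    echo -en "\t\t\033[1;32mPASS\033[m\n"
  fi

  # First and second dot-separated fields of the kernel release string.
  KERNELMAJ=$(uname -r | sed -e 's,\..*,,')
  KERNELMIN=$(uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,')
  # Drop any non-numeric tail (e.g. "4-rc1") so the integer tests below
  # cannot fail on a malformed operand.
  KERNELMAJ=${KERNELMAJ%%[!0-9]*}
  KERNELMIN=${KERNELMIN%%[!0-9]*}

  # An unparseable version counts as 0, so the check fails closed.
  if [ "${KERNELMAJ:-0}" -lt 2 ]; then
    FAILURE="Sorry you kernel is too old,please upgrade it first!"
    exit_failure
  fi
  if [ "${KERNELMAJ:-0}" -eq 2 ] && [ "${KERNELMIN:-0}" -lt 4 ]; then
    FAILURE="only kernel greater than 2.4 is supported"
    exit_failure
  fi

  # Use the exit status rather than grepping the error text: the shell's
  # message is "command not found" (lower case) and a missing absolute path
  # reports "No such file or directory", so a text match on
  # "Command not found" never fires.
  if ! iptables -V >/dev/null 2>&1; then
    FAILURE="cannot find iptables command you must install iptables first"
    exit_failure
  fi

  # ipchains and iptables cannot be used together; unload ipchains if it is
  # still resident. Only attempted when modprobe is available and either
  # /proc/modules exists or /proc/version is missing (same condition as the
  # original test).
  if command -v modprobe >/dev/null 2>&1 &&
    { [ -e /proc/modules ] || ! [ -e /proc/version ]; }; then
    if lsmod | grep -q "ipchains"; then
      rmmod ipchains >/dev/null 2>&1
    fi
  fi
}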

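#######################################
# Ten-second progress bar: prints "||", then one "#" per second, then a
# newline.
# NOTE(review): this function shadows the shell builtin `wait`. Any code in
# this script that needs to wait for a background job must call
# `builtin wait` instead, otherwise it gets this progress bar.
# Arguments: none (any arguments are ignored)
# Outputs:   "||##########" followed by a newline on stdout
# Returns:   0
#######################################
wait() {
  local tick
  printf '||'
  for ((tick = 0; tick < 10; tick++)); do
    sleep 1
    printf '#'
  done
  printf '\n'
}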

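#######################################
# Run the iptables binary by absolute path, so every rule in this script
# goes through /sbin/iptables regardless of PATH or aliases.
# Arguments: passed through unchanged, one word per argument
# Returns:   exit status of /sbin/iptables
#######################################
iptables() {
  /sbin/iptables "$@"
}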

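#######################################
# Run modprobe by absolute path (/sbin/modprobe), independent of PATH.
# Arguments: passed through unchanged (module name and any options)
# Returns:   exit status of /sbin/modprobe
#######################################
mp() {
  /sbin/modprobe "$@"
}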

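#######################################
# Load the netfilter/iptables kernel modules the firewall rules rely on.
# Loading is best effort: a module that fails to load does not abort the
# script, but it is reported instead of being hidden behind "[OK]".
# Globals:   none
# Outputs:   progress messages on stdout; names of modules that failed to
#            load on stderr
# Returns:   0
#######################################
load_module() {
  local moddir module candidate
  local found=0
  local -a failed=()
  local -a modules=(
    ip_tables
    ipt_LOG
    ipt_owner
    ipt_MASQUERADE # was misspelled "ipt_MASQURADE", which can never load
    ipt_REJECT
    # NOTE(review): the 2.4-era FTP/IRC tracking helpers were, as far as I
    # know, named ip_conntrack_ftp / ip_conntrack_irc; confirm these two.
    ipt_conntrack_ftp
    ipt_conntrack_irc
    iptable_filter
    iptable_nat
    iptable_mangle
    ip_conntrack
    ipt_limit
    ipt_state
    ipt_unclean
    ipt_TCPMSS
    ipt_TOS
    ipt_TTL
    ipt_quota
    ipt_iplimit
    ipt_pkttype
    ipt_ipv4options
    ipt_MARK
  )

  moddir="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"

  # 2.4 kernels ship ip_tables.o; later kernels ship ip_tables.ko, possibly
  # compressed (ip_tables.ko.*). Accept any of them.
  # NOTE(review): a kernel with iptables built in has no module file and
  # still takes the "no modules found" branch.
  for candidate in "$moddir"/ip_tables.o "$moddir"/ip_tables.ko*; do
    if [ -e "$candidate" ]; then
      found=1
      break
    fi
  done

  if [ "$found" -eq 1 ]; then
    echo -e "\n\tLoading iptables modules please wait...."
    for module in "${modules[@]}"; do
      mp "$module" || failed+=("$module")
    done
    if [ "${#failed[@]}" -eq 0 ]; then
      echo -e "\t\t\t\t\033[3;032m[OK]\033[0m\n"
    else
      # Rules that depend on a missing match/target will fail later; name
      # the modules here so the operator can see which ones.
      printf '\tWARNING: could not load: %s\n' "${failed[*]}" >&2
    fi
  else
    echo -e "\tSorry, no iptables modules found!!"
  fi
}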

ip_stack_adjust()
{
if[-e/proc/sys/net/ipv4/ip_forward]

then
echo-e"enableip_forward.pleasewait...."
echo0>/proc/sys/net/ipv4/ip_forward
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ip_default_ttl]

then
echo-e"changingdefaultttl...."
echo88>/proc/sys/net/ipv4/ip_default_ttl
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
echo-e"\n\tdisabledynamicipsupport...."
echo0>/proc/sys/net/ipv4/ip_dynaddr
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"

if[-e/proc/sys/net/ipv4/ip_no_pmtu_disc]

then
echo-e"disablepathmtudiscovery.pleasewait...."
echo0>/proc/sys/net/ipv4/ip_no_pmtu_disc
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi

if[-e/proc/sys/net/ipv4/ipfrag_high_thresh]

then
echo-e"changingipfrag_high_thresh.pleasewait...."
echo5800>/proc/sys/net/ipv4/ipfrag_high_thresh
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ipfrag_low_thresh]

then
echo-e"changingipfrag_low_thresh.pleasewait...."
echo2048>/proc/sys/net/ipv4/ipfrag_low_thresh
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ipfrag_time]

then
echo-e"changingipfrag_low_thresh.pleasewait...."
echo20>/proc/sys/net/ipv4/ipfrag_time
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ipfrag_secret_interval]

then
echo-e"changingipfrag_secret_interval.pleasewait...."
echo600>/proc/sys/net/ipv4/ipfrag_secret_interval
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_syn_retries]

then
echo-e"changingtcp_syn_retries.pleasewait...."
echo4>/proc/sys/net/ipv4/tcp_syn_retries
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_synack_retries]

then
echo-e"changingtcp_synack_retries.pleasewait...."
echo4>/proc/sys/net/ipv4/tcp_synack_retries
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_keepalive_time]

then
echo-e"changingtcp_keepalive_time.pleasewait...."
echo300>/proc/sys/net/ipv4/tcp_keepalive_time
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_keepalive_probes]

then
echo-e"changingtcp_keepalive_probes.pleasewait...."
echo4>/proc/sys/net/ipv4/tcp_keepalive_probes
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_keepalive_intvl]

then
echo-e"changingtcp_keepalive_intvl.pleasewait...."
echo60>/proc/sys/net/ipv4/tcp_keepalive_intvl
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_retries1]

then
echo-e"changingtcp_retriest.pleasewait...."
echo3>/proc/sys/net/ipv4/tcp_retries1
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi

if[-e/proc/sys/net/ipv4/tcp_retries2]

then
echo-e"changingtcp_retriest.pleasewait...."
echo15>/proc/sys/net/ipv4/tcp_retries2
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi

if[-e/proc/sys/net/ipv4/tcp_orphan_retries]

then
echo-e"disabletcp